April 6th, 2004, 03:44 AM
April 6th, 2004, 04:29 AM
Perhaps there is something infecting Iexplore, or set to run when ever you run iexplore. I dont think this has anything to do with Antionline. Have you checked to see if you are listening on 1027. Run a quick netstat -a. If you are listening, then you may be infected with something. Other than the obvious, run a virus scan, start monitoring bandwidth usage, and sniff packets regularly on your local machine, until you figure out what this is all about.
It is better to be HATED for who you are, than LOVED for who you are NOT.
THC/IP Version 4.2
April 6th, 2004, 06:14 AM
So are those trojans on your computer? If their not, then that's probably just a random netwide scan for trojans somebodies making. Nothing to really worry about, as long as you do block those ports. If you get any more activity from those specific addresses, you may as well block their address.
Sounds like random scan traffic to me, nothing to worry about unless you get a whole lot more.
April 6th, 2004, 07:00 AM
Thanks people, i'm sorry it has taken me this long to respond.
But unfortunatly after further investigating and reading.
I found to my dismay that my box was being used as a Zombie..
So hopefully by formatting the hard disk and doing a clean re-install of all Os on the network the problem at hand should be fixed..
Anyhow after starting this thread, i started recieving large amounts of traffic through the firewall, so i did as Dr Toker suggested and ran a quick netstat -a and i was amazed at what i found.
There were at least 2 strange connections.
I've traced the strange connections back to there origin, and hopefully i have found the people involved in turning my Box's into Zombies.
I have sent e-mails to the relevant ISP and hopefully i will recieve some kind of reply back..
So thanks to the those that helped both on this thread and via Pm's.
April 6th, 2004, 03:29 PM
Just checked the offending IP and it looks a lot like an open proxy. Somebody probably abused it to scan you. Send an email to the abuse address informing them of an open proxy on their network and have them shut it down.
Experience is something you don't get until just after you need it.
April 7th, 2004, 02:37 PM
Well i sent an e-mail to the Company that issued that IP, i haven't heard anything back, + i also lodged a complaint with another company..
I received a reply and they asked for evidence.
So i sent both screen dumps plus some other info that i collected from my Box's. So hopefully they should reply back soon, as i'm eager to find out what they heck the moron was up to..
April 7th, 2004, 02:51 PM
just asking :
what firewall do you use ?